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1- Introduction 

In this paper we describe some relatively simple changes that 
have been made to an existing automatic theorem proving program to 
enable it to prove efficiently * number of the limit theorems of ele- 
mentary calculus. These changes include subroutines of a general 
nature which apply to all areas of analysis, and a special "limit- 
heuristic" designed for the limit theorems of calculus. 

These concepts have been incorporated into an existing LISP 
program and run on the PDP-10 at the A.I* Laboratory, M.I.T., to 

obtain computer proofs of many of the limit theorems, including the 

-Me rfte 

theorem that -a- limit of -a- sum of two real functions is the sum of 

their limits, and a similar theorem about products. Also computer 
proofs have been obtained (or are easily obtainable) of the theorems 
that a continpus function of a continuous function is continuous, and 
that a function having a derivative at a point is continuous there, 
as well as limit results for polynomial functions. 

The limit theorems of calculus present a surprisingly difficult 
challenge for general purpose automatic theorem provers. One reason 
for this is that calculus is a branch of analysis, and proofs in 
analysis require manipulation of algebraic expressions, solutions 
of inequalities, and other operations which depend upon the axioms 
of an ordered field. It is in applying these field axioms that auto- 
matic provers are usually forced into long and difficult searches. 
On the other hand, a human mathematician is often able to easily 
perform the necessary operations of analysis without being aware 



of the explicit use of the field axioms. One purpose of this paper 
is to describe ways in which automatic provers can also avoid the use 
of the field axioms and speed up proofs in analysis. Section 2 ex- 
plains how this is done using a United theory of types and routines 
for aloebraic simplification and solving linear inequalities . 

In Section 3 we present the limit-heuristic, give examples 
of its use* and discuss its "forcing" nature which enables it to 
curtail combinatorial searches. 

The reader interested only in Resolution based programs should 
skip Sections 4 and 5 and go directly to Section 6, where we explain 
how resolution programs can be altered to make use of the limit 
heuristic and other concepts. 

In Section 5 we give a detailed description of a computer proof 
of the theorem that-* limit of** product of two functions is the product 
of their limits. This proof was made by a program which is the same 
as that described in [1], except that the subroutine, RESOLUTION, in 
[1] has been replaced by a new subroutine called IMPLY. We have thus 
eliminated resolution altogether from our program replacing it by an 
"implication method" which we believe is faster and easier to use 
{though not complete). This implication method is described briefly 
in Section 4, and excerpts from actual computer proofs using it are 
given there and in Section 5. 

It appears that some of these ideas may have wider implications 
than the limited scope in which they were used here. This is dis- 
cussed in the comments of Section 7 and throughout the paper. 



2. Types and Inequalities 

In the work described in this paper we have used membership 
types whereby the type A Is assigned to x whenever it Is known that 
{x c A). 

Let *a b> denote the open interval from a to b , R * -■-*■ -^ 
P = <0 -> » and n * <-* 0> . We are primarily interested in interval 
types* including the types £ t £, and N- Thus in trying to prove 

(0 * x - Q(x)) 

we would assign the type 9 (or <0 •*> ) to x and then try to prove Q{x), 
For example, suppose that we are to prove 

(1) {0 < b - SOKE x (0 < x a * < b)). 1 

One valid approach is to solve for x in 

{2J (0 < b - < x} 

and then try to verify 

(3) (0 < b * x < b) 

for that same x. But using matching we would get as a solution of (2) 

2 

the substitution [b/x] » and require 

(0 < b - b < b) 



1, Me use the words "SOME" and "ALL" as our existential and universal 
quantifiers. Thus "50ME x P(x)" means "for some x P{x)" f and "ALL x P(x)" 
means "for all x Ptx)". 

2- We follow the usual practice of denotinq a substitution by a list 
[b,/a 1t b,/a~, ..., b /a ] where each a, is to be reolaced by the cor- 

reWdini bj. n n 1 



in {3) which is impossible. 

Of course (1) is unprovable without further hypotheses (or 
axioms) but it can be easily handled by the use of types (which impli- 
citly assumes certain axioms). Our approach in proving (1) is to 
assign. <0 m> to b t and then try to prove 

(«) SOME x (0 < x /, x < b) . 

We first solve 

(5) (0 < x) 

by assigning type <0 *> to x and then solve 

(6) (x < b) 

by assigning the type <0 b> to x> The resulting type of x f <0 b>, was 
derived as the intersection of its initial type <0 »> gotten from (5), 
and the interval <-» b>, which would have been the type gotten from (6) 
alone. Since this intersection is not empty (because b has type <0 »>)j 
it is assigned as the resulting type of x. Even though the variable x 
had already been "solved for" in (5) (typed), it remains a variable in 
the solution of (6) (though limited in scope) and therefore could be 
"Solved for" again (retyped). In the examplesof Section 5 some of the 
variables are retyped two or three times, and this greatly simplifies the 
proofs. 



Types are used by the routines 50LVE< and SET-TYPE which are 



described below. 



2,1 S0LVE< 



This Is a routine for solving linear inequalities. (S0LVE< A B) 
chooses a variable from A or from B and attempts to solve the inequality 
(A < B) in terms of that variable. If this fails it then chooses another 
variable and tries again- Since the terms and variables of A and 8 may 
be typed, this routine must take into consideration such types and reset 
the type of the variable when the solution is obtained. In fact the ans- 
wer is completely given by the new types. The examples below best illus* 
trate this point- If it can show that A is less than B, then the routine 
will return the answer T whether or not A and B have any variables. 



Examples , 



INPUT 



OUTPUT 



{no types) 



I! 



Value of 
(SOLVE- A B) 



New Type of x 



<— 1> 



2. x 1 

Type x 1s <0 »> 



<Q \> 



3. 



1 



4. X*3+C 

Type a 1s <0 



'i ■:■ 



5. 



Type x is <0 D-> 



(-X+d) 



( i 



- <t4i - rh>> 



(intersection *0 D*><0 D^>) 



Type D, is <0 -> 

Type D 2 is <0 -> 

In this example the type of D in the answer could have been 
given as <0 {minimum 1 D ? J> but we find the intersection form more 
convenient. 



•■ i 



<F 



Type x is <0 •> 
Type a is <-« 0> 
Type b is <0 *> 



In the actual theorem proving process, SOlVE^ is applied to 
formulas that have been converted to quantifier free form by the intro- 
duction of skolem expressions- Precautions are taken by S0LVE< to 
insure that it does not solve for a variable x in terms of a skolem 
expression in which x occurs. This is essentially the sane precaution 
taken by J. A- Robinson in his Unification Algorithm [2]. 

For example, consider the false statement 

SOME x ALL y (y < x) . 

The skolem form of this is 

(y x) < x . 

The result of a call to (S0LVE< (y x) x) Is NIL, since x occurs in 
the skolem expression (y x). 

On the Other hand, the theorem 

SOKE x ALL y 50ME z {y < x+2> 

which has skolem form 

(y xj < x+z 

can be proved by a call to (SQLVE< (y x) {x+z)J which correctly assigns 
type <{y x)-x *> to z. 



3- A skolem expression is a term whose main function symbol is * 
skolem function. cf.-the-£o«note in Section 4 which describes the 
elimination of quantifiers by the introduction of ftkolem functions. 



Actually, t*rH routine just retypes a variable in a way that 
guarantees the solution of the desired inequality. 

More extensive routines could easily be written (indeed have 
been written by others) to solve nonlinear inequalities* but these were 
not found necessary for proving the examples reported here, 

2^2 SOLVE* . This is a routine for solving linear equations. Given 
two arithmetic expressions A and B f it selects a variable x from A or 
B and trys to solve the equation (A * B) in terms of x. If it succeeds, 
with answer y, it returns the substitution, [y/x] . Otherwise it 

selects another variable and trys again, returning NIL if all fail. 

2.3 SET-TYPE. This is a subroutine which assigns types to certain 
skolem expressions. If a formula of the form {A c B) Is In a conjunctive 
position of E {i.e., E can be expressed as ((A c B) a D) for some D), 
and if A is a skolem expression which does not occur in B, then (SET-TYPE E) 
assigns the type B to A and returns D, the fonrula gotten by removing 
(A £ B) from E. If A already has type C, then SET-TYPE assigns the inter- 
section (BO C) as the type of A, if (B O C) is non-empty- If (OaC ) 
is empty it returns E. If (BAC } is not empty, but cannot 

be given specifically then the formula (intersection B C) is given as the 
type of A. 

For example, if E is the formula 

(A A (x c£ A {B - y c JO)) 

then (SET-TYPE E), assigns P as the type of x, and returns 



{1) (A a (B - yeB])- 

If, in this example, x already had type j^, 

then£ is assigned as the new type of x; 
1f It already had type <-l 1> then it assigns type <0 1> to x; if it 

already had type <-» -1> then it returns (AasA* £ -M^(6-* tf£ £))< 
In a similar way, it assigns types to sfcolem expressions which 

satisfy certain inequalities- For example, if E is 

(A < A (B < 1 v C)) 
then (SET-TYPE E) assigns type <-- 0> to A and returns 

(B < 1 v C). 
and if E is 

(A < B A C) 

then (SET-TYPE E) assigns type <— B> to A, and type <A -> to B and returns 
C. Similarly, (SET-TYPE (A f 0)) can be made to assign type (union <— 0> 
<0 -») to A, but this sort of typing was not used in any of the examples 
given in this paper. 

2.4 SIMPLIFY 

This is an algebraic simplification routine which converts al- 
gebraic expressions into a canonical form, sorts Its terms, and cancels 
complementary terms of the form (a+(-a)) and (a--)- It is used in all of 
our routines which manipulate algebraic expressions. Such routines are 
not new to the literature. 



Examples . 

INPUT OUTPUT 

(a-(b+c)) (a-b * a-c) 

(a-b-I) b 

(|b+c-b| * a) (|c| + a) 

(-Ka-j) - 1 1 > 



3. Limit Heuristic 

The limit heuristic rule defined below, In conjunction with the 
routines described in Section 2, is used to help prove limit theorem. 
LIMIT-HEURISTIC: When trying to use a hypothesis of the type 

|A|<E' 
{and possibly other hypotheses) to establish a conclusion of the type 

|B|<E. 

4 
first try to find a substitution q which will allow B to be expressed 

as a non-trivial combination of A q » (B = K*A + L) , and then try to 

establish the three new conclusions: 

A. (|K| <H) o , for some M, 

B. {|A| <E/2-M) o , 

C. (|L|<E/2) fl 

Such a procedure is valid because if we can indeed find sych a q 
and prove A, B, and C t then we would have 

|8| e . lK.A + L[ o 

< M-E/2M + E/2 

- E. 
Of course, this 1s based on the triangle inequality, and uses the fact 
that 1/2 + 1/2 = 1, HO/M = 1 for H*0, etc. 



4. The notation B denotes the result of applying the substitution 
o to B. " 

5. The routine EXTRACT, described in Section 3-1 below, 1s used 
to express B in terns of A. 



As an example, in proving the theorem that the limit of -*. product 

of two functions of real variables is the product of their limits, we find 

ourselves trying to establish a conclusion of the type 

(1) If{x)-g(x) - L V L 2 |< E. 

Among our hypotheses is 

{2) M* 1 ) -lj| <E", 

which can be used to help establish (1} (provided that we satisfy the 

conditions for (2) )< If we apply the limit heuristic to (2) and (1) 

we find that for o = [ x/x 1 ] 

<f(x).g{x) - L r L 2 ) 
can be expressed as a combination of 

(f(x') - L,) a , 
viz-, 

g{x)«(f{x) -L,) + L 1 -(g(x) - L>), 
and are able to establish the three subgoals: 

A- |g(*)l <M* for some M. 

B. |f(x) - L 1 1 <E/2-H, 

C; |L,-(g(x) - L 2 )|<E/2. 
Subgoal A follows from the hypothesis 
(3) |g(x") - L 2 I<E" 

{which also has conditions that must be satisfied). Subgoal B follows 
from (2), and subgoal C follows frcm (3). 

The complete proof of the limit product theorem is given in 
Section 5 in great detail. The limit heuristic is used there not 
only to set up the three subgoals A, B, and C, but also to establish 



A and C> by proposing further subgoals. 

Because the limit heuristic enables our program to prove many 
theorems about limits, we regard it as a rather interesting trick. 
But more interesting and important than the fact that it works some 
problems is the principle behind it. That principle might be stated: 



To establish a conclusion C from several 
hypotheses, among which is H> force H to 
contribute all it can towards establishing 
C and leave a remainder to be established 
with the help of the other hypotheses. 



The value of such a "forcing* technique is twofold. First, if 
one can truly make H contribute all it can towards C, then H is not 
needed to establish the remainder. That is, a reduction in the number 
of hypotheses is achieved while a significant step in the proof is made. 

Second, it is implicit in the notion of "force" that certain 
facts are used to make an inference in a computational manner. For 
example, the limit heuristic "uses" many facts about algebra, such as 
the triangle inequality; but these facts are used to compute something, 
not to make random inferences. This strongly inhibits the generation 
of subgoals that occurs if one freely permits the application of axioms 
to his goals. We conment further on this "computational" aspect of the 
limit heuristic in Section 7. 

We feel that such a forcing technique has applications in other 
areas of theorem proving where two or more hypotheses H, , Hg*...^ are 
needed to establish one conclusion C that cannot be logically divided. 



In such applications the user must provide a heuristic which will enable 
the computer to determine how to get a partial result from H, and leave 
a remainder C to be proved by the other hypotheses. 

The limit heuristic uses the routine EXTRACT described below,which 
1n turn uses the simplification routine described in Section 2, 

3-1 EXTRACT 

If there is a substitution o for which Q can be expressed as a 

non-trivial combination of A . 

o 

(B - K-A + L)o 
then (EXTRACT A B) returns (Ho), where o is the most general such 
substitution. Otherwise NIL is returned. 

A more precise definition follows the examples. 



Examples 

In the fallowing^ the symbols x, t, and h represent variables while all 
other symbols represent constants. 

1. (EXTRACT A (K-A+L)} - (K L T). 

2. (EXTRACT A(t} A(t )J = (1 [t /t]). 

3. (EXTRACT (f(x)-L,) (f[X c )+g(x ) - (L,+t a ))3. 

= (1 (9(x ) - L 2 ) Cx /*]>. 

4. (EXTRACT (f(xK t ) (f(x )-g(* ) - L,-L 2 ) 

= (9(x ) (L r g(x ) - L r L 2 ) [x /x]). 

5. (extract CfUK) ( fa- .*» 7 - ( - ^0 T). 

6. (EXTRACT ( fl***k f W - f) (f(x) - f{a))) 
■ ((x-a) (x-a).F' [h/{x-a)l). 

7. (EXTRACT ((x -a) (x? -a?)) ■ ({x fl *a) T). 

8. (EXTRACT (a-xg+c) (b-x +d)) 
■ <-fe (d-to) T). 

9. (EXTRACT (a-x +c) (b-y.+d))= ML. 



Examples 3, 4, 5 are useful 1n proving limit theorems about the 
sum of two functions, the product of two functions (see Section 5), and 



6. Throughout this paper we use the letter "T" to denote both 
"truth", and the empty substitution. This reserves "NIL" 
for denoting "false". 

7. In this example, the second argument is first converted to 

(L|- ' f(x) • 1 ), by use of a least common denominator. 

f(x)-Li f<xKi 



the quotient of two functions. Example 6 1s used in proving that a 
differentiate function is continuous. 



Suppose there is a substitution c and an expression x such 
that, A and B Q are polynomials in x, and B is linear In x . Then 
there are expressions a, c, b and d such that x does not occur in c» b, 
or d, and A and B can be reexpressed as 

A fl = a-x * c . 
B fl ■ b-x + d , 

and (EXTRACT A 8) returns the value (| (d - ^p) o). If no such cr 
and x exist then EXTRACT returns NIL, 



4. The Implication Method 

At the heart of the prograir is a subroutine called IMPLY whose 
essential purpose is to handle logical deductions in the predicate cal- 
culus. It is a replacement for Re_solution in [1]. We offer here a 
cursory description of its operation, sufficient to an understanding 
of the proofs in section 5. 

The operation of IMPLY bears a closer resemblance to the proof 
techniques of the mathematician than does jiesolution. In general IMPLY 
examines the connectives in the formulas given as arguments to it and 
creates one or two subgoals. These subgoals are usually calls to IMPLY 
with new arguments which are closely related to but simpler than the 
original arguments. The resulting analysis of the formula to be proved 
is easy to follow. 

This rather natural operation bears some responsibility for 
the development of the L'imit juristic and the other techniques of this 
paper. In comparing the subgoals called by IMPLY with the methods of 
proof used in elementary calculus we established new subroutines and 
subgoals, such as the llimit tfeuristic, sufficient to prove a number of 
theorems. 

The subroutine IMPLY has two arguments: 

E (the current formula under examination) 
ft { a reserve). 
Usually E is of the form 
(H-C) 

The answer to a call to IMPLY is either a substitution or NIL, The 

■ 

latter indicates failure to establish the subgoal. IMPLY attempts to 



find and return the most general substitution : such that (R - E) is true- 
If o Is the empty substitution then IMPLY returns T\ 

Table 1 gives rules describing some of the operations of IWLY. 
These rules are applied in the order of their occurence in the table; If 
one fails, the next is tried; If all fail, IMPLY returns NIL. IMPLY re- 
turns the value given by the first rule which does not give NIL, In 
the following we use the shorter notation [ E » R ] for (IMPLY E R). 



INPUT 



cur cut 



1. [H - C, R] 

If H 'C , then 



If there is a substitution 
which unifiejfH and C, 
(i.e., H fl s C o ) then 



2. [AaB, H] 



2.1 



2.2 



If. 



[A,R] yields aY 

and 
[8,R] ol yields o2 



then 



(ol « c2) 



3. fA v B, R] 

If [A,R] yields cl , then 
If [B,R] yields o2, then 



ol 

o2 



4. [{A - B) - C, R] 

4.1 i"[B ■» C, R] yields ol 

If^ and 

4.2* ^[R + A, NIL] , yields oi 



then (ol o o2) 



Tnis rule is cormonly known as backwards chaining. 



5. [H - (A - B), R] 



[Ha A - B. R] 



6. 



[A v B 


- C R] 


6.1 ([A - C, R] yields ol 

I f < and then 

U^ol - C * R ol ] yie,d5 ° 2 


6.2 

If 


f[B - C, R] yields ol 

and then 
[A fll - C. R fl2 ] yields 2 



1*1 V *2, 



M t; c2) 



8. When we use an expression like "[A,R] yields 3 ", it is to be understood 
that we also mean that s is not NIL, 



7. 


[A A B - C. RJ 








Jf [A - C, R) yields rl 


then 


si 




If [B - C, R] yields o2 


then 


0? 



8. [H - A a 8, R] 

j[H - A, R] yields ol 

8.1 If <* and then (ol u o2) 

[EH- B o1 , R ol ] yields ol 

f[H - B, R] yields ol 

8.2 Iff and then (al o2) 

U H - A 1 • \^ > ields ° 2 



9. 


[H 


- A v B, R] 










If [H -A, R] yields ol 


then 


ol 






If [H - B, R] yields o2 


then 


o2 



10. [H - ^A v B, R] [H a A - B, R] 

11. [4»B t C,R] [B - AvC.R] 

12. [*H-C, R] [R - C vH. NIL] 

13. [H - <, R) EH AC - NIL, R] 

14. [A = B - C, R] ER 1 *C, NIL] 

where R' and C are gotten by replacing B by A in R and C. 

15. [H - A - B, R] (S0LVE= A B) 

(i.e., if there is a substitution o, 
which unifies A ar.d B, then 
return o} 

- 
■ 

Table 1 (concluded) 



Before a formula E is sent to IMPLY it is first converted to 
a quantifier fr?e form* but without converting it first to prenex normal 
form. The quantifier free form is achieved by u.>ing skolem functions, 
and is essentially the same as that used jy Wang [3]. A call is then 
made to (IMPLY E NIL). 

For example the formula 

(1) (P(y) A ALLx (P{x) -* Q{x)) - q(y}} 

is first converted to the skolem form 



(P(y ) A (P(x) - Q(x)) - Q(y o )) 
where y is a skolem constant and x is a variable, and proved as follows. 

1. (IMPLY (P(y Q ) A (P(x) - Q(x)) - Q{y Q )) NIL) 

1.1 (IMPLY (P(y ) - Q(y )) (P(x)-Q(x))) Rule 7 

This fails. 

1.2 (IMPLY ((P(x) - Q(x»- 0(y o )> P(y )J 7 

1.2.1 (IMPLY (Q(x)-Q(y )) P(y )) 4.1 

This yields c » [y Q /x] by Rule 1.2 



10. Specifically, if "positive" and "negative 1 * are given the 

meaning as in Wang [3] pp. 9-10, then the elimination of quantifiers 
consists of deleting each quantifier and variable immediately after 
it, and replacing each variable v bound by a positive quantifier with 
a list whose first member is v and whose other members are those 
variables bound by negative quantifiers whose scope includes v. This 
list which replaces v is simply the application of a skolem function to 
certain arguments. With no ambiguity, but as an aid to memory, the 
skolem function is named v. 



1.2.2. (IHPLY (P(y Q ) ' (P(x)v Q(y J)J ML) g A.2 

(IMPLY <P(y Q ) - (P(y Q ) v Q{y ))J MIL) 

(IMPLY (P(y Q ) -P(y Q J) NIL) 9.1 

This yields T by Rule 1.1 



So the final answer to 1, is [y o /x], and the theorem is 



proved. 



for the example 

(SOME x (ALL y P(x,y)) - ALL s (SOME t P(t.s))) 
the skolem form is 

(P(x , y) - P(t, s ». 

A call 15 made to IMPLY 

(IMPLY (P(x o . y) - P(t. s Q ) NIL) 

which yields [x Q /t, s Q /y] by Rule 1.2. QED. 

In trying to prove the non-theorem 

(ALL y (SOME x P(x, y)) - SOME t (ALL s P{t. s))), 
the skolem form is 

<P((xy). y) - P(t, (s t)) 
where {x y) and (s t) are skolem expressions. A call to IMPLY 

(IMPLY (P((xy),y) - P(t, (st))) NIL) 

fails; Rule 1.2 cannot be applied because the formulas P((x y), y) 
and P(t, (s t)) cannot be unified. A partial unification is given by 
[(x y)/t], but the resulting pair 



p{{* y). y). P((xy), (s (x y))) 

cannot be unified by [{s{x y))/y] since the variable y occurs in {s{x y)). 
When attempting to prove an expression E with the help of 

axioms. A,, A 2 A fl , (where all free variables in the A. have been 

universally quantified), a call is made to (IMPLY E' NIL) where E 1 is 
the skolemized form of 

{A 1 a Ag . , , a A n * EJ . 

In the operations described in Table 3, a resemblance can be 
seen between the method of Gentzen sequents (cf, Kleene's G3 [4]) and 
the subgoals which IMPLY sets up. The technique of finding a most general 
unifier is the Unification Algorithm of Robinsor£2]0n the whole, IMPLY 
is closer to the system of Prawitz [6] than to resolution. 



5. Examples of Computer Proofs . 

Here we give excerpts from the proofs of five theorems, which 
were made by the program PROVE* using IMPLY as its principal subroutine. 
PROVER is explained 1n [1] and IMPLY is described briefly in Section 4 
above, but the reader familiar with Sections 2 and 3 should be able to 
follow these descriptions with no reference to [1] and little to Section 

In order to use the limit heuristic described in Section 3, 
we need to add the following rule to Table 1. 

16. [|A| < E' -• |B| < E.R] 

If 
16-0 EXTRACT (A B) 1s (K L o) (i.e. (B = K-A * L) fl ) , 
and if 

16.1 [R - |K) < M, NIL] yields ol," 

12 ° 

for spme variable H, and if 

16.2 [|A| < V - |A| < E/2-M, R]^ yields o2, 
and if 

16.3 [R - |L| < E/2, NIL] yields o3, 

then return the value {o t ab o2 « o3). 

Also.we need two additional rules for solving inequalities; 
one rule for types, and one for equations. 

17. [H - a < b, R] (S0LVE< a b) 

IB. [a < b - a' < c, R] [(b < c) v (b = c), R] fl 

If there Is a substitution o for which (a = a') « 



11. In case 



K " 1, step 16.1 is ornjltted, and M is set to 1 in 16.2. 

12. H is given type <0"*and also M is made an additional argj-^ent of 
all skolem functions which already have at least one argument. 

13- In case L = 0, step 16.3 is otnjvitted. 



19. [H - A i B. R] 

If A Kas type B tnen T 

20. [a = b - c = d, R] {SOLVE' (a-b) (c-d)) 

These five rules are placed at the beginning of Table 1 (Sec- 
tion 4). in the order 17, 18, 19, 20, 16. 

AlsOja provision is made for assigning types to an expression 
A when it appears in the form {A t B) or (A < B) in the hypothesis of the 
theorem being proved. This is accomplished when IMPLY is proving a sub- 
goal of the form [H - C, R] by replacing H by (SET-TYPE H). Such calls 
to SET-TYPE need only be made in Rules 5, 10, 13, and before the first 
call to IMPLY, when new material is added to H, (see Section 2.3). 

In what follows, R. denotes the real numbers , P denotes the 

positives, and FRR denotes the functions on ft to £. We use (Lim f a L) 

to denote lim ffx) = L . The standard definition of limit is: 
x-a 

(Lim f a L) <-> 

fa c R) a (L ( R) a (ft FRR) a 

(ALL t (0 < t - (SOME fi (0 < 6 a 

(ALL x [{x c R) a UM) A l*- a l * 6 * l f (*) " L l * <») 
Example 1 (Limit of a product) 

The program PROVER Is given the formula 

(L1m f a L 1 a Lim f a Lg - Lim (f.g) a (L 1 -L ? )) 
The definition of limit is used to obtain 

((a e R_ a L 1 e R. a f e FRR A ALL E 1 {0 < t^ 

- SOME 0, (0 < 0, A ALL x, (x^ R. A x, f a A 
|x r a| * D, - IfUj) - 1,1 < E,)))) 



A. (a ; £ A L, r R A g ■ FRR a 

ALL Eg {0 - E 2 - SOME 2 (0 < D ? A 

ALL x 2 (x, £ R a x, / a A |x, - a| < D- 
- l9tx 2 ) - L z | < E 2 )))) 
* (a £ R a (L,-L 2 ) eR a (f-g) t FRR a 

ALL E (0 < E - SOME D {0 •= A ALL x (x c R A 

x f a /y |x-a| < D - |(f g){x) - L,<Lg| < E)})J) 

The first three parts of the conclusion (a t Jl) (ti'Lo) c R 

(f-g) c FRR are proved by the program using the hypotheses of the 
theorem. 

The remainder of the theorem is prepared for IMPLY by replacing 
(f*g){x) by (f(x)'g(x)} and by eliminating the quantifiers and Introduc- 
ing skolem expressions. 



(1) ((a) ■- (ft) A (L,) ■- (ft) A (f) ■: (FRR) a 

(D <E, - (0 - (D, E,) A 

(*! ' (RJ a Xj / a a |x, - (a) | < |(D, Ej) 
- !{r)(x,) - (L,H «£,») 

((a) e (R) A fL 2 ) c (R) a (g) c (FRR) a 

(0 < E 2 * (0 < (D 2 Eg) * 

(x 2 E (£) A » 2 ' < a > A l*2 - U)| < (D 2 E 2* 

- I(g)(x 2 ) - (l 2 )| < e 2 ))) 

- (0 < (E) - (0 < D a 

((x D) e (R) A (x0)/ (a) a |(X D) - (a)| < D 
" Kf)((xD)).(9)«xD)) - (L^-a^l < E))) 

For readability and brevity, the stolen expressions are ab- 
breviated in the following. Thus x is used in place of (x D), U in place 
of (L,), f[x) in place of (f)((x D», and so on. 




Thus we write the above expression as 

In} .-(a '- 5 A LpU f 'FRR A 

(0 < E 1 - {0 < Dj a 

{x. c R A x. i a a |x 1 - a| < 0^ 

V ■* |f(x,) - L,| « E,)).)) 

'a (a r. R A L, c _R a g e FRR a 

(0 < E 2 * (0 < D 2 A 

(x- c R. A x- i a a |x, - a | < D. 

- |g(x 2 ) - l 2 | < E 2 )))) 

(0 < E * * D A 

(xc_Ra x/fl a |x-a|<D 
- |f(x)-g(x) - U 1 -L 2 | < E)). 

The computer continues to use the full skolem notation throughout Us 

proof. 

Before we follow the proof procedure for this theorem in great 
detail, we first sketch the proof that the computer will produce. 

Given E > , choose M, H' . E r and E 2 so that 

H > 2'j^l * 
H' > |L,| . 

E. < E/2-M , 

E 2 <min (H/2, E/fl-M') . 

By hypothesis, there exist D, and 2 such that < D, and < D 2 , and 

for all x, if x t a and |x - a| < min (D,, D 2 ) , then 

|f(x) - L,|<E. , 
and 



tg(x) - L 2 i ■ E 2 . 

Furthermore, for al! x, if x / a , and |x - a| ■• roin (D-, 0_J , 
then since 

|g(x) - L 2 |< E 2 < H/2 , 

it follows that 

|g{x)| < M/2 + |L 2 | 
< H/2 * H/2 , 
|g(x)| < H . 

So let D be a number such that 



< D < mfn (D, , D ) . 
If x is any number such that x f B and |x - a| < , then 

|f(x)-g(x) - L,-L 2 | 

■ |g(x)-(f(x> - L r J * lyWx) - L 2 )| 

< |g(x)-(f(x) - L,)! + |L r (g(x) - L 2 )| 

■ |g(x) | - |f (x> - L T | ♦ |Lj|-|g(x) - L 2 | 

< M - E/2-H + H'-min (M/2, E/4-M') 
± E/2 + M' - E/4-M' 

< E. QED. 

The key to this proof is the proper selection of H, H' , E,» E ?l 
and 0. The computer makes precisely these same selections though its 
handling of types. 



We now resume tnat description of the computer's procedure 
in finding its proof. A call is made to 

{IMPLY {a a 8 - yJ NIL) 

where a, 8, and y are given in (ii) above. 

SET-TYPE ts applied to (a a a), assigning type R. to a, L. * 
U, and type FRR to f and g. and the subformulas (a t R), (L 1 e R) t 
(L« e £), {f £ FRR) t and {g c FRR), are removed from .1 and a . 

Rule 5 is applied, converting the formula to 

(c a 8 a < E ■+ 0<0 a (x t £ a x f a a |x-a| < D 

* |f(x)-g{x) - L^Lgl < E}). 

SET-TYPE is applied to the hypothesis; E is assigned type <0 »> and 
(0 < E) is removed. 

Rule 8 calls imply on the two formulas 



(a a B * < D) 



and 



(aAfl - (x e R a x ?* a a |x - a I < D 

The first call is satisfied by Rule 17, which uses SOLVE* to 
assign type <0 »> to D. The second results in an application of Rule 5* 
so the current subgoal is 

(a a 6 a (x e R A x f * A |x * a I < D) 
- If(x)»gfx) - U.L 2 | < E) 



SET-TYPE is applied to the hypothesis; x is assigned type R 
and (x t £) is removed. 

By Rule 7, the reserve R is set to 

( 5 A x t a A |x - a| < D) , 

and 

(o - |f(x)«g(x) - L r L 2 | <E> 

becomes the current goal. 

Rule 4 (backward chaining) is now applied. That is, the pro- 
gram tries first to establish the conclusion |f (x) -g(x) - L- L« | < E 
from *. This is subgoal (1). When this subgoal is established, the pro- 
gram tries to satisfy the hypothesis of a, namely subgoal (2) below. 

(1) (0 < 1 a (y R a y a a |x - a| < 

* |f(x,) - L,| < E,J 
* |f(x)-g(x) - L r L 2 | < E) 

By Rule 7 the program first tries to prove 

(0 < D, + |f(x)-g(x) - L^Lgl < E) . 

But this fails. Therefore by Rule 7 (2nd part), 

((x 1 c» a y a a |y a|<B - |f(Xj) - L, | < E^ 
- |f{x)-g{x) - L,-L 2 | * EJ 

becomes the current goal. (From now on we shall not mention those sub- 
goals which are tried but not established. ) 



Again the program "chains backwards" using Rule 4. The current 
subgoal becomes (11) and the hypothesis 

(x, t£ A X, / a A jx, - a| < D) 

is satisfied later at (1?). 

(II) (|f{x 1 ) -!_-,! < E n - |f{x).gfx) - Ij.y <E) 

The program now tries to apply Rule 16, the limit heuristic. 
First 

(EXTRACT (f(x, - L,) (f(x)-g(x) - L,-L 2 )) 

is computed to be (g(x) (g(x)-Lj - L.*U) a), where o « [x/x.]. This 
follows from the equation 

(f(x)-g(x) - L r L 2 ) =((g(x)-(f{x) - L,) + {g(xH, - L^)) 

Because the result of the call to EXTRACT 1s not NIL, Rule 16 is applicable. 
The program tries to establish the three subgoals {111), (112), (113), in 
accordance with Rules 16.1 > 16.2. and 16.3. The current subgoal is 

(III) (a a x f a * |x - a| < D - Ig(x)| < H) 

where M is a new variable which Is assigned type <0 ->. (Also M 1s 
made an additional argument in the skolem expressions (D^E,), (D^Ep), 
(x D)» in accordance with footnote 6 above* Although these new skolem 
expressions (D, l, M), {D ? E ? M), (x D M), will not appear in our des- 
criptions since we are abbreviating them to D, , D«, x f they nevertheless 
play a crucial role. For example, in step (111 1) below the H in (x M) 
prevents Rule 17 and S0LVE< from assigning type *|g(x M)| »> as the ans- 



wer to (111 1). See Section 2.1.) 

By Rule 7, the reser.s R Is set to (* t a A ,x - a • D) and 

(s - |g(x)| < M) 

becomes the current subgoal. 

(Rule 4 is applied. (Ill 1) becomes the current subgoal and 
the hypothesis of r is satisfied later at (111 2). 

{Ill I) {0 < Da(x 2 c R a % z f a a |x 2 - a| < D 2 

~ Ig(x 2 ) - L 2 | < E 2 ) 

- |g(x)| < H). 
By Rule 7 the program tries 

((x 2 e£ a x 2 t a a |x- - a| < D, - |g(x ? ) - L_| * E ? | 

- |g(x)I < H). 

Another application of Rule fi sets up the two subgoals (111 11) 
and (111 12). 

(Ill 11) (|g(x 2 ) - L 2 | < E 2 - |g(x}| < H) 

Since (EXTRACT (g(x 2 ) - Lg) g(x)J yields (1 L 2 [x/x 2 ]) the 
limit heuristic is applicable to (111 11). Because 1 1s returned as the 
value of K from EXTRACT, only subgoals (HI 111) and (111 112) are tried, 
in accordance with Rule 16. The current subgoal becomes 

(111 111) (|g(x) - L 2 | < E 2 - |g(x) - L 2 | < M/2). 



By Rule 18, the program tries to establish 

(E 2 < M/2) V tt 2 ■ M/2 ) 

The first half of the disjunction is satisfied by a call to 
(50LVE< Eg M/2K giving type <" M/2> to E 2 - Thus subgoal (111 111) 
is established and the program tries to prove 

(111 112J (x (* a a |x - a| < D - |l_ 2 | < M/2). 

Rule 17 is applied; (SOLVE' |L 2 | H/2) is called, resulting 
in the type <2-|L 2 l ** for H. Hence both subgoals of (111 11) are estab- 
lished. 

The program now returns to the subgoal 

(111 12) (x f a a |x - a! < D ■+ 



x« e R A x« f a a jx* - a| < D ? ) , 
where o = [x/x*]. That is 

(x f a a |x - a | < D * 

x e £ a x j* a A |x - a| « D 2 ), 

This subgoal is established by several subcalls* The conclusion (x t R) 
follows since x 
has type JJ. (x f a) occurs in the hypothesis- And finally 

(|x - a| < D ■+ jx - a| < D«) 

is established through Rules 18 t 17, and a call to S0LVE<. As a result, 
the type of D is changed to <0 D 2 >, 

(Ill 2) (x f a A |X - a| < D - < E 2 ) 

1s established by Rule 17. SOLVE* types E 2 as <0 M/2>, Recall that 



5-11 (:ont'd) 

E ? was given type*" M/2 at fill 111). Thus both subgoals of 

(111) have been established and the program returns to the second subgoal 
of the first use of the limit heuristic 

(112) (|f(x) - L,|c E] - IHx) - L,| < E/2M ). 

This subgoal is quickly established using Rules 17,18 and 
(SOLVE* Ej E/2M), which assigns type *-* E/2M > to E,> 

The third subgoal of the first use of the limit heuristic is 

(113) (BA xhA|x-a|<D - IgW'L, - L^l < E/2). 



By Rul° 7, the reserve '! is set to (x 1 a -\ ,x - a I -0), 
and the current subgoal becoiaes 

(B - |g{x) L, - L, Lgl < E/2). 

The program chains backwards twice. 

{113 1) (0 < D 2 a <* * " A x * a A lx - a| < D 2 

- |g(x) - L 2 | - e 2 ) 
- |g(x)»L, - L,-L 2 | < E/2) 

(113 11) (l9(x) - L 2 I * E 2 - |g(K)-L 1 - L 1 -L 2 | < E/Z) 

Since (EXTRACT (g(x) - 4) (g(x)-L, -Lj-Lg)] yields 
(L. T), the limit heuristic is again applicable, and subgoals 
(113 111), (113 112) and (113 113) are tried. 

(113 111) U J* a K |X - a| < D - |L,| < H') 

becomes the current subgoal, where M' is a new variable of type <0 ->. 
This goal is established by assigning type <|L 1 | -> to H' , by Rule 17 . 

(113 112) <|g<x) - L 2 I « E 2 - |g(x> - L 2 | < (E/2J/2.H 1 ) 

This subgoal is established by use of Rules 17, 18, and a call 
to (SOLVE* E 2 E/4-M'). E 2 is retyped as (Intersection <0 M/2> 
<— E/4-H'*). Recall that E 2 had been given type <0 H/2> to establish 
(111 2). Since the program does not know which of H/2 and E/4-M' is the 
smaller, the intersecticn is given as the answer, after it has checked 
that the intersection is non-empty. 

The formula 

(113 113) Ul<a A |x-a|<D - |0| < E/4) 



Is the last subgoal of the last use of the limit heuristic. It is 
satisfied since i already has type fc . 
The program now returns to 

(113 12) (x f a A |x - a| < D - 



x c 



R a x 1 a a |x - aj e D 2 ), 



\:hich is the same as (111 12)- Also 

(113 2) (x * a a |x - a| < D ^ < E 2 ) 

is the sane as (111 2). 

All of the subgoals of the first application of the limit 
heuristic at (1 1) have been established, giving as an answer to (1 I) 
the substitution o = [x/x, , x/x^]. 

The program now tries to satisfy 

(12) (fl A x t a a |x - a| * D 



* *1 c 



£ A x, t a A |x<| - a| < D, ) 



The substitution [x/x^] establishes the first two parts of the 
conclusion- To prove the third part, the program tries 

(|x - a| < D * |x - a| < Dj) , 

which results in the retyping of D as (intersection <0 D*> <— D»>). 
Recall that D previously had type <0 D*>. 
Finally the subgoal 

( ? Ax^aA 'x - a| < D + < E,) 

is established by Rule 17 and a call to (S0LVE< ^) which retypes E ] 



ascO E/2*M>- Ej previously had type *-■ E/2 M% 

The proof is complete. We list here the final types assigned 
to the variables. Hole that ttto program has made just those "choices 11 
described in the sketch of the proof which was given earlier. 

E, E/2-H> 

E 2 {intersection *D H/2» <-» E/4-M'>) 

(intersection <0 D*> <-~ D*>) 

H <2-)L 2 l -> 

M' <|L 1 | -> , 

■ 

This proof may seem long and drawn out but these are essentially 
the steps a human prover would have to follow in finding and exhibiting 
a proof. 

In the following examples we proceed directly to skolero form 
and consider only the proof of the main conclusions. Many steps in each 
proof are omitted. 

The notation H, is used to denote the hypothesis of Step i. 
Rule reference numbers are sometimes given to the right of formulas along 
with new type assignments. 

Example 2 . (composite continuous function theorem). 

1. (g is continuous at a) a (f is continuous at g(a)) 

■* f:g is continuous at a. 

2. Lim g a g(a) A Lim f g(a) f{g(a)J - Lim (f:g)a f(g(a)). 



3. {0 * Ej - (0 - D, A (x 1 . _R a x, * a A ix, - aj , Dj 

- 19(^1 - 9(a)! * E,»> 

rt (0 < E 2 - (0 < D 2 A (x 2 £ _ft_ A x ? / a A |x 2 -a| < D ? 

- if(x 2 ) - f(g(a))| < E 2 ))) 

(0 < E - {0 < a (it I: a x f a a |x - a| <D 

- |f(g(x» - f(g(a))| < E))) 

In 3 the variables are E„ x,, E 2 , x 2 , D, and the skolem expres- 
sions are {D, E.}, (D 2 Eg}, (EJ, (x D), (a), etc. 



CURRENT SUBGOAL 



4. (H 3 - < D) 

5. (SOLVED D) 



RULE 

5. 8 

17 



NEH TYPE ASSIGNMENTS 
E <0 -> 
D <0 -> 



6. (H 3 a * * a a [x - a| < D 

- K(g(x)) - f(gOO)| < e), 



7. (|f(x 2 ) - f<g(a))| < l, £ - |f{g{x)) - f{g(a))| «E) 



fl. <E 2 < E v E 2 • E 1 
9. (S0LVE< E, E) 



IB 
9. 17 



■z * 



— E> 



10. (H, * < E,) , a condition from Step 7. 



E 2 <0 E> 



11. {SOLVE* E 2 ) 17 

12. (H fi - x 2 e jt_ a x 2 f a a |x 2 - a| < D^ , a condition from 

Step 7, where o " [g(x)/x.,] 



13. (H 6 4 ig( x ) - a; < D 2 3 

14. (Igfit,) • g(a): - E, _ gfx ) . g(u) . ,y 

15. <SOLVE< £, D z ) is. 17. , = [^J 

16. fH fi - |x - a) t D,), a condition from Step 14. 

17. t|* - aj < D - Ik- al'-n,) 7 

18. (SOLVE* D D.) 18i , 7 



E| <- D 2 > 



<0 D,>, 



_QED 



5-17 



Example 3 . (Differentiate functions are continuous). 

If i (m f{***) - f(a) s r then u« f( x ) - f(«). 
h-0 x-a 

1. (Derivative f a F 1 - Continuous f a) 

2. (Lim q F' - Lira f a f(a)), 

where q{h) is the difference quotient f < a + n ^- f t a ) . 

3. {0 < E 1 - (0 < Dj ', {h c R A h f A |hj < Dj 

- | f t a ' h > h - f < a > | - r < E,))) 

{0 * E - (0 < D a (xeRa x ? a a (x - a | < 

•* If(x> - f{a)| < E))) 

In 3 the variables are E», h, D, and the skolem expressions 
are (D, E,), (E), (x D), (a), (F'), etc 



4. (H, A x f a A |x - a | < D - |f (x) - f(a) \ < t) x R 



, ,|dafr 



fU) 



- F 1 



<L 1 



- |f(x) - f(a)| <E) 



Rule 4 



The limit heuristic Rule 16 is applied, 

(EXTRACT < f < a * h ) - f ( a ) . F »J (f( x ) . f( a )}). yields 

((x - a) (x - a)-F' <r ), where o = [(x - a)/h]. 

5. (H 4 -, |x - a| < M) 16.1 

6. ( |x - a| < D ■• |x - a| * K) 

7. (SOLVE* D H) 18, 17 D <0 H> 



( 



M») - f <«> - F'l • E, 
x ■ a 



9. 
10. 

n. 



I x - a 

(S0LVE< E, E/2-M) 



E/2-K) 



{H 4 + |(X- a) -F'l < 1/2) 

(|x - al < ■+ llx - aJ-F'l < E/2) 



Rule 16.2 
ie, 17 
16.3 



E, <-* E/2-N. 



The limit heuristic is again used, EXTRACT yields (F 1 T). 
12. (H. - |F'| < H) 16.1 



13. (SOLVE* |F'| < M) 

14. (|x - a| < D - |x - a| < E/4-M') 
etc. 

15. (x f a a |x - a| < D 

* h cJ*_a h t /\ |h| < } ) g 



17 



16.2 



M < F' 



4.2 



a condition for Step 5. o = [(x - a)/h]. 

Ifi. (H| 5 - (x - a) e_R) 8 

True by Rule 19 since both x and a have type R. 

17. (x f a - x - a t 0) 8, 7 

IB. (x - a - - x » a) 12, 13 (from Stap 15) 

19. (S0LVE= (x-a-0) (x-aj) 20 TRUE 

20. (|x - al < D - |x - a I < D, ) 12, 13 (from Step 15) 



21. (SOLVE* 0,) 



17, 18 D 

(intersection <0 E/4'M'> «-« 0. 



QED. 



Example 4 . (ltm x = a ). 
x-« 

1. (f = A x x Z - Limf a (a-a)) 

2. (0 < E - (0 « D A {x e^_ /v x f a a !x - a| * D + |x-x - a-a| - E))) 

In 2, D is a variable and (E), (x 0), and (a) are skolem expres- 
sions. 

SET-TYPE assigns type <0 »» to E. 

3. (0 < D) Rule 2 

4. (S0LVE< D) 17 D <Q -> 

5. (xj'a a |j:-a|<D 

* |x-x - a-a | < E) 2 x R 

6. (|x - a| < D - |x*x - a-a| < E) 8 

The limit heuristic is used, (EXTRACT (x - a) (x-x - a-a)) 
yields ((x+a) T). 

7. (H 5 - |x+a| < M) 16.1 

The limit heuristic is used again, (EXTRACT (x-a) (x+a)) yields 
(1 2-a T). 

8. (|x-a|<D * |x-a|<H/2) 16.1 (from Step 7) 

9. (S0LVE< D H/2) 18, 17 D <0 M/2> 

10. (H 7 - |2-a|«M/2> 16.2 (from Step 7) 

11. (S0LVE< |2-a| H/2) 17 M <2-|2*a| -> 

12. (|x - a| < D - |x - a| < E/2-H) 16.2 (from Step 5) 

13. (S0LVE< D E/2-H) 17 D 

(intersection <0 M/2> <— E/2-M> 



Example 5 . (Limit of a quotient). Tne proof Of this example is not 
complete. 



1. (Lim f a L /, L t -» Lim (1/f) a (1/L». 

2. (0 * E 1 - (0 ' D, a (x-, -^ a 't i C a |x 1 - a | < Dj 

- |f( Xl ) - L| < E,))) 

A L t - 

(0 < E - (0 < A {x c I a x/0 a |x-a|<D 



1 



3. <!f<x,)-Li «E, - l^y 



- i\ « E) 



The limit heuristic Rule 16 is applied, 
{SOLVE* {ftx,) - L) [y\jj - j- )) yields (" L .fj x ) <■)• **M* ° 



[x/x,]. 



Ke are required by Rule 16 to establish the subgoals 



0) <H S 



L^x7 



4 H), 



16.1 



and 



(2) (|f{x) - L| < E 1 - |f(x) - L; « E/2-M) 



16.2 



Subgoal (2) is easily established by assigning type <— E/2«M> 
to E., but (1) presents difficulty. In fact the program is unable to 
give a proof without some axioms or a change in the program. See Section 7 
for further comments on this example. 



6, Resolution 



In this section we show how the limit heuristic and the theory 
of types explained above can be used In ^Resolution based programs. 
This is done by giving some additional rules for resolution. These 



are; 



6,1 SET-TYPE Rule 

For each unit clause of the form 

(x c A} 
where x is a skolep expression which does not occur in A, assign the 
type A to x. Also for each unit clause of the form 

(x <a) 
where x is a skolem function which does not ocajr in a, assign the type 
<— a> to x- Similarly for unit cl^es of the form (b<x) assign type 
<b*> to x. In each of these cases, remove the unit clause. If x 
already has a type B and we are trying to assign a new type A, then 
assign the type (AnB) if it is non-empty; if (AnB) is empty, add the 
empty clause {(.e,, the proof is finished); if it cannot be determined 
whether (AnB) is empty, leave the original type as is and do not remove 
the unit clause. This SET-TYPE rule need only be applied at the 
beginning and after each new unit clause is generated. 



6.2 SOLVE < Rule 

For a clause of the form 
D v C* £ A) 



(1) if x has type A then add D to the list of clauses, (2) if x is a 
variable and x does not occur In A t then assign the type A to x and add 
D to the list of clauses. 

6.4 TRANSITIVE Rule 

When attempting to resolve two clauses of the form ((a * b) V A) 
and ({a' < c)v B)» where a n = a' for seme substitution a 9 if (SOLVE b c) 
is true, then add the resolvent (A v B) to the list of clauses, 

6.5 SOLVE* Rule 

For a clause of the form 
v (A/ BK 
if (SOLVE* A B) 15 true, with the value o, then add D to the list of 
clauses. 

6.8 When attempting to resolve two clauses of the form 

((a * b) v A) and ((c/ d) v B), 
if (SOLVE- (a-c)(b-d)) is true, with value o, then add (A v B) to the 
list of clauses. 

Before going to our limit heuristic rule* we give some examples 
using the above three rules. 



Example 1 

{0 ■ a 
Clauses 

1, < do 

2. * X v « ' «< 
3. 

4. x * a 

5. 



SOME i (0 * x a x •■ a)) 

Clause References Rule New Type Assignments 



From Theo 


rem 




NONE 


1 




SET-TYPE 


a (j «0«> 


2 




S0LVE< 


x <ft-» 


4 




50LVE< 


x <0 a > 



We could have removed x J ag first. 



4. 
5. 



{ x 

□ 



Z 

4 



SOLVE* x *— a > 
SOLVE* x <0 a„> 



Example 2 



Clauses 

1. < D 1 

2. < 0, 



' D 1 /, < D 2 - SOME D (0 < D A D • D, * D < D ) 
Clause References Rule Hew Type Assignments 



3. 1 D v D t D. v I 



I 



4. 
5. 
6. D f D, y D \ D 2 



From 
Theorem 



'2 



7. D \ Dj 

8. o 



1 
2 
3 
6 

7 



SET-TYPE 

SET-TYPE 

SOLVE* 

SOLVE* 

S0LVE< 



D 
D 
D 



<0 »» 

*0 *> 
<0 «' 



<0 Dj> 



{intersection 
<0 D,><0 D 2 >) 



fit steps 7 and 8, S0LVE«requ1red the knowledge that D, and D- both 



had 



type <0»>. 




Example 3 






(xe^ a xcN— *x/x) 


1. XeP 


From Theorem 


2. XeN, 




3- x=x 




4. 


1 


5- o 


? 



SET-TYPE x 
5ET-TYPE 



<0-> 



Assignments 



Example 4 

(0 * a a < b— (SOMEz {0 < z a (c «. z— c s «) 

A {d < z- d< b))> 

CUuses Clause References Rule Hew Type 

1. I a a 

2. < b c 

3. j z v c * z / do < z 

4. / z v Co< z * d ■( b ( 

5. f z v c f a D v d < z 

6. £ z * Co* a v d Q j b fl 

7- 
8. 

9. c < z V d < z 

10. c < z v d \ b 

11. c < z 

12. c j a v d < z 

13. cj < a v d ( b 

14. c * a 

15. o 



1 


SET-TYPE 


*o 


<o »> 


2 


SET-TYPE 


b 


<o -> 


3 


SOLVE < 


2 


<o *> 


4 


SOLVE< 






9,10 


Rule 6.4 


Z 


<0 b > 


5 


SOLVE < 






E 


SOLVE < 






12,13 


Rule 6.4 


Z 


<0 b > 


11,14 


Rule 6.4 


z 


(f ntersection 
<0 bo^O a >) 



By ordinary resolution we would require at least two axioms, 
Al. (0 < d A < b • SOME 2 (0 < X A Z < a A z < b}> 

A2. (x < y ft y < w •* x < w) , 

and a long and difficult sequence of resolution steps, This very example 
occurs as a disguised part of the proofs of most of the limit theorems, 
and therefore it is Important to have an easy proof for it requiring no 
axioms. 

Example 5. 

{x < -1 v 1 < x + 1 < |x|} * 
This produces clauses 

1. X < -1 V 1 4 „ 

Z. UlxJ 

Since there are no unit clauses, we cannot apply SET-TVPE, and 
SOLVE* cannot handle 2 because there is no type assigned to x ♦ Thus 
the procedure seems to fail here unless we have more axioms. However, 
1f we are employing the SPLITTING technique (see [1], end of Section 4), 
we know that resolving 1 and 2 is equivalent to resolving both 

1\ X Q < -1 1". 1 < X Q 

2'. 1 / |XJ 2". 1 I |x | 

(Note that we split Clause 1 since the two literals of 1 have no variable 
in coircnon,) These are both easy. 



3'. 




r 


4'. 


□ 


2' 


3". 




1" 


4". 


a 


2" 



SET-TYPE x Q <—-!> 

SOLVE- 



SET-TYPE x Q <I -> 



SOLVE < 

If we do not SPLIT,then two axioms, (1 < x - < x) and 
(0 < x - |x| ■ x) are required. 

Ordinary resolution would require six axioms and a lengthiy 
deduction. 

6.7 LIMIT-HEURISTIC Rule . When attempting to resolve two clauses Of 
the form 

UIAI < E')V C,) 

NIB] «E) V C 2 ) , 

try to find a substitution o which will allow B to be expressed as a 
non-trivial combination of A , 

(B- K-A + L)^ 

and, if this is possible, add the following new "resolvent" clause to 
the clause list 

K|K| < H) V ^(|A| < E/2-H) v (|L| < E/2) v C, v C ? ) 

14 
where M is a new variable with type <0 «>, 

The first part of 6.7 can be done by {EXTRACT A B)« See Section 3.1 

EXTRACT produces the desired K, L, and c, where c is the most general such 

substitution. 



14. Also the variable H is made an additional argument of all skolem functions 
appearing in (1) which already have at least one argument. 



E xample 6 . Given the clauses 

1. lf(X,) - L,! < E 1 

2. Ig{x 2 ) -L| <E 2 

3. |f(x) +g(x) - L 1 - L 2 | < E . 

where E. , E-, X«, x 2 are variables, and E, Ej , E- each has type *0 ->. 

Using Rule 6.7 on clauses 1 a.id 2 we get 

4. (EXTRACT <f(x,) - L,){f(x) + g{x) - L, - L 2 )) 

= (I (g(x) - L 2 ) [x/x,]) (See Section 3.1) 

5. Nil I < H) v Mf{x) - L|| < E/2 M v Mg(x) - L 2 | < E/2) 

6. Mf(x) - I_ 1 1 < E/2-M v ^lg(x) - L 2 I < E/2) 

From 5, using the SOLVE< Rule, type M is <1 ->. 

Using Rule 6.4 on clauses 1 and 6 we first call 

7. (SOLVE< E ] E/2-M) 

This results in assigning type <0 E/2-M> to E-i. 

B. Mg(x) - L 2 | < E/2) 6,7 Rule 6.4 

Using Rule 6.4 on clauses 2 and 8 we call 

9. (SOLVE< £ 2 E/2) 

This results In assigning type <0 E/2> to E-. 
10. O 2,B Rule 6.4 



Example 6 . (From the theorem that a function having a derivative at 
a point is continuous there). 



Clauses 



1. 



n***l - f < a > -f'Ne, 



Z. |f{x) - f(a)J I £ 

3. [x - a | < D 

where h, D and Ej are variables, and the other terms have type R. 

In attempting to resolve 1 and 2, the limit heuristic Rule 6.7, 
employs EXTRACT to obtain 

(f(x) • f(a)) = [h • ( f (a+h)^ f(a) . F .j t h , F ,j 

where o is the substitution [{x-a)/h]. It therefore produces the new 
clause 



4. |x - a| / M v 



fix) - f(a) . F . 



*jk v ' {x - a, - F 'l 'I 



x - a 

where M is a new variable of type <0 •>. Rule 6*4 applied to clause 4, 
gives 



5- I ff*) -/(a) r 
x - a 



/jV v !<*-*) Fl l /f 



and D is assigned type <0 M>. Rule 6.4 applied to 5 gives 

6. |(x - a)*F'| *| 

and E, is assigned type <-« E/2*H>. 

Again the limit heuristic Rule 6.7 is used on clauses 3 and 6, 
EXTRACT yields 

(x - a)-F' = F'-(x - a) + D 
and the new clause 



7. |F' | / H' V ix - a! f ^ 

is produced, where M' is a new variable of type <0 »>. 

Rule 6.4 is applied to 7 to obtain 
B. Ix - aj <57R. 

and M 1 Is assigned type <|F'| *>. 

Finally* Rule 6.4 is applied to ES to yield 
9. D QED. 

This final step also assigned to D the type {intersection <-» E/4-H'> <0 M>) 

Ordinary resolution would require several axionts for this proof 
and a very long deduction. Tj/is example constitutes a part of the proof 
that the limit of -isuro of two functions is the sum of their limits- 



7. Conroents 

One remark of note is that* except for the example on quotients, 
(mentioned below) these limit theorems were proved without the inclusion 
of axioms (reference theorems). This Is desirable because for most 
automatic theorem proving programs, the axioms have to be selected by 
humans for each theorem being proved. Of course^ we had to include the 
limit heuristic itself which acts like $ome axioms, but it does not 
hinder the proof of other theorems not requiring i t ¥ 

because it does 
not release its action unless its need Is detected. This is in the 
spirit of the "Big Switch" mentioned by flewall, Feigenbaum, and others. 

It was surprising to us that so many theorems would follow from 
one heuristic. Will this happen in other areas of mathematics? Can 
we provide a series of big switches which will handle many areas of 
mathematics without excessive irrelevant computing? We doubt that 1t 
can be so simple, but nevertheless feel that such heuristics should be 
sought for other areas of mathematics. The success of such A collec- 
tion of heuristics will depend in great part on the cleverness of the 
overseer program which directs the use of these heuristics. Hewitt's 
programing language PLANNER [5] might be well suited for writing such 
overseer programs, or for improving existing ones. 

CALCULATE VERSUS PROVE 

One thing that contributed to the success of this effort was 
the use of the routines 50LVE<, S0LVE= t and SIMPLIFY. The point is 



that they were used to calculate something rather than prove something. 
Since proving is inherently harder than calculation, we feel that such 
routines should be employed as much as possible. Think how difficult it 
would be in our proofs to employ a set of algebraic simplification axioms 
instead of using SIMPLIFY. Or suppose that instead of using EXTRACT 
to give us a linear decomposition, we tried to prove that such a linear 
decomposition exists. This suggests that more use ought to be made of 
calculation procedures within the proving mechanisms of automatic theorem 
provers. For example. 



in proving theorems 
_^ about 

derivatives 

limits 

differential equations 

real functions 

measure theory 

algebraic topology 

any field 



we might calculate 

limits 
solutions to equations 

derivatives 
solutions to equations 
that two sets are equal 
group theoretic results 
a most general unifier 



The unification algorithm is such an example, and it revolutionized 
automatic theorem proving when 0. A. Robinson defined its role in reso* 
lutlon. A source of power to a mathematician is his ability to leave 
to calculation those things that can be calculated and thereby free 
his mind for the harder task of finding inferences. 



TYPES 

The use of membership typos also helped considerably in proving 
these limit theorems. It is as If in proving, 
(1) SOME x (Pfx)AQ(x)) 

we first find A, the set of all x for which P(x), and assign A as the 
type of x t and then find B the set of all x for which Q(x), and if 
(AnB) is not empty, assign it as the type of x, and declare (1) to be 
true. This allows a maximum amount of freedom in the proving of Q(x) 
after P(x) has been proved; indeed x remains a variable , even though 
restricted, in the proof of Q(x), 

This procedure worked well in our examples because linear 
inequalities are so easy to solve* We do not recocmend that such a 
procedure should be used in all other situations, when theorems of 
type (1) are being proved, because it may be too difficult (or un- 
necessary) to solve for A the set of all x for which P{x) is true, 
before proving Q{x), We do suggest however that a procedure be 
followed that leaves x as a variable , though restricted, after P{x) 
has been proved and while Q(x) is being proved. Type theory might 
help attain such an objective. 

Our present program will not prove limit theorems involving 
quotients, such as 

(1) lira f(x) = L L=[0 lim 1 = 1 

x-a x+a 777) L . 

without the help of some axioms {see Example 5, Section 5), However, 

no axioms are needed for the proof of (1) if we add another heuristic 

to the program which is similar to the limit heuristic, but which is 



based upon the Inequality 

|x| - |y| < |x-y| 
instead of the triangle inequality 

U+yU |x| + |y|, 
upon which the limit heuristic is based. In fact, it might be desirable 
to develop a more general heuristic, which not only encompasses both 
ideas, but also tries to attain such objectives as bounding an expression, 
e.g. 

|g(x)| <M, for some M, 
and making an expression small, e.g. 

|f (x) - L | < E f for a given E. 
Finally, it should be mentioned that the routines described in 
Section 2 are meant for general use in analysis and not just for limit 
theorems. It is hoped that routines of this kind can be used to make 
up an analysis prover in which relatively simple heuristics can be added 
for great effect- 
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